Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.Before you post please read how to get help

I have recently converted to LMDE from Ubuntu 12.10 and 12.04 before that, and must say I'm enjoying the LMDE experience so far. I do have one query regarding how LMDE/ Debian in general handles security updates. Apologies if this is a noob question, I have read around the forums a bit and can't quite find the answer to my query.

I understand that LMDE organises the rolling release Debian testing branch into Update Packs which are then periodically released. The main benefit of this being, as I understand, that any potential bugs/ breakages from the Debian testing branch can be ironed out before being pushed out to unsuspecting people like myself. Conversely, I understand that a downside to this approach is that security updates can be slower reaching LMDE than they are reaching the pure Squeeze/ Wheezy branches.

My question, or rather questions, are as follows.

1) Can we get around the delay in LMDE security updates by adding the standard Debian security repo to the sources list, or is this a recipe for conflicts?2) If we can, is it best to add the squeeze security repo "deb http://security.debian.org/ squeeze/updates main contrib non-free", or the wheezy security repo "deb http://security.debian.org/ wheezy/updates main contrib non-free"3) Is there any merit in adding both repos? As I understand it the Debian Security team primarily provides support for Debian Stable, and then for Debian testing (http://www.debian.org/security/faq#testing). Are there therefore likely to be security patches in stable that have not been added in testing, or have a read this all wrong?4) Taking answers to the above into account (sorry, I'm getting there, I promise) am I likely to encounter issues with a sources list that currently looks like this:

the way you're planning to do it is a recipe to disaster; you either stay in the update-packs flow (latest or incoming, one or the other, the one that suits you better) or you go all the way to testing (or sid); playing in-betweens as you are thinking is a no-go.

zerozero is very right, and I believe that when UPs were originally introduced, they still used the Security and Multimedia Repos, but they caused problems (I'm not completely sure though, as that was before my time with LMDE ). I believe that the LM team would update any packages that have significant problems, but overall the UPs are behind on security. Personally, I find that stable gets updates basically ASAP, and Debian is very good at patching all of that stuff. While Testing has a security repo and sid doesn't, it's my understanding that security updates enter sid before testing in most cases and the updates follow the standard migration requirements (10 days old, no release critical bugs, etc). However, I think that if there are significant vulnerabilities, the Debian security team will "skip" this process and move them directly into the security repo.

You can usually apt pin packages from newer releases if absolutely necessary (but only if absolutely necessary), although I'm very guilty of breaking this guideline . I pin AWN and compiz from Sid and iceweasel and icedove from experimental on my testing installs and use a few too many backports on my stable installs. For certain packages it will work out, but probably not to the extent I do it, although iceweasel 18 works great on Debian while firefox 18 for windows is broken . I can't open it any more after the update on Windows, so I feel somewhat better about pulling important packages from experimental. Anyways, the point is that in specific cases where you're willing to risk breakages and it is absolutely critical that you have the version in some other release, you can use apt pinning to install it.